CVE-2020-15594

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
zohocorpmanageengine_application_control_plus
𝑥
< 10.0.511
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/
https://excellium-services.com/cert-xlm-advisory/cve-2020-15594/